Skip to content

Security: kkkklck/QuietMask

Security

SECURITY.md

Security Policy

Supported versions

Security fixes are provided for the latest published version of QuietMask.

Version Supported
Latest release Yes
Older releases No

Reporting a vulnerability

Please do not disclose an unpatched vulnerability in a public issue.

Use GitHub Private Vulnerability Reporting when it is available for this repository. Include:

  • the affected QuietMask version and Chromium version;
  • the operating system;
  • the affected website or a minimal local test page;
  • clear reproduction steps;
  • the expected and observed behavior;
  • the potential privacy or security impact;
  • a proof of concept, if one can be shared safely.

If private vulnerability reporting is unavailable, open a public issue requesting a private contact channel without including exploit details.

Relevant security findings

Examples of findings that should be reported privately include:

  • a website bypassing or changing QuietMask settings without user interaction;
  • exposure of the installation seed or cross-site correlation identifiers;
  • unexpected network transmission or remote code execution;
  • a whitelist rule affecting unrelated domains;
  • a page escaping the intended isolation boundary;
  • a reproducible inconsistency that exposes a user's original protected value;
  • a permission or diagnostics path that grants broader access than documented.

General compatibility problems without a security impact may be reported through the public issue tracker.

Disclosure process

The maintainer will acknowledge a complete report, assess its impact, and coordinate a fix before public disclosure when appropriate. Please allow reasonable time for investigation and release preparation.

Thank you for helping improve QuietMask.

There aren't any published security advisories